5 Ways to Protect Your Accounts from Hackers

Being online puts you and your data at risk, but there are ways you can minimize your risk and make a hacker’s job harder.

By Jessica Davis

Nov 29, 2017

Whether it’s Imgur or Uber, new reports of data breaches and hacks seem to come out weekly. You may be tempted to go scorched-earth on your online presence, but deleting every account you have to prevent being hacked is impractical in today’s connected world. Yes, being online puts you and your data at risk, but there are ways you can minimize your risk and make a hacker’s job harder.

Here are four steps you can take to protect your accounts against hacks and data breaches.

Keep tabs on what sites may be compromised: Anywhere you have an account could potentially be hacked, so it’s good to stay in the know as to what sites have had breaches or data leaks. You can always do a quick Google, and the site Vigilante.PW maintains a searchable directory of reported hacks and data breaches. If you find a site you use has been compromised, it’s a good idea to change your password for that account.

Check whether your accounts have been compromised: The site Have I Been Pwned? is a free resource that allows you to see if an account of yours has been compromised (or “pwned,” an internet term meaning dominated or owned) in a data breach. HIBP collects data (email addresses and usernames, not passwords) from publicly leaked breaches and aggregates it to make it easy to search its database for your email or username. When you enter your email or username, it provides a list of breaches in which your account was found, listing the site, a short summary of the incident and the data that may have been compromised. If you find yourself “pwned,” you should change your passwords to not only the compromised account, but any account that shares that password and your email account as well.

Create strong passwords: By now, we should all know that “password1” and “12345678” are two of the easiest passwords to guess and the first hackers will try. Every account you have should use a different password and they should all be as strong as possible. Research shows one good option is long passwords (at least 12 characters) with at least two or three different types of characters (lowercase, uppercase, digits and symbols) put in unpredictable places – no capital letters at the beginning and no digits or symbols lumped at the end. Another good method is to combine partial 2-4 unrelated words together and mix in other types of characters. Your online banking and email accounts should have particularly strong passwords, as they hold your most valuable information.

Use a password manager: All of these random, secure passwords may be difficult to remember – it’s helpful to use a password manager like LastPass or Dashlane to keep track of them for you. Many password managers can even generate randomized strong passwords for you and run security audits to let you know when passwords are weak or used across multiple accounts.

Enable two-factor authentication: Many sites now offer two-factor authentication as a security measure. You log in with your username and password and are then asked to enter a validation code, usually sent by text message to your phone. In theory, this makes it more difficult for hackers to get in – even if they have your password, they would need the texted code.